5.2.6 Security Release - why no patch?

[Chris74]

Aww, isn't that sweet - have you met easyhosting? If not, you should. Both of the same ilk.

 

A bitter and childish response. Try to respect the opinions of others and perhaps learn some manners.

 

A total misunderstanding of the situation Chris74

 

The "situation" is simply that an urgent security update has been released and you are required to update WHMCS in the same way you normally do - except that there are no template or database changes. If you've somehow interpreted that differently, then I guess you have misunderstood the situation yourself.

 

and if that's how you think you go about winning friends and influencing people who are your peers on this community - you probably shouldn't be in the hosting business either. It's not that simple.

 

If you feel insulted by my comments, I apologise to you, but I'd suggest that you may have misinterpreted what I said, or maybe you are very sensitive? It was not my intention to offend anyone. I gave my opinion, which I am fully entitled to and I stand by my comments.

 

I should make it clear that it is not my intention to influence anyone, or to make friends here. Only to give my truthful and honest opinion. I don't use this forum for social purposes. If that is your reason for being here, it doesn't mean everyone else is too.

 

IF you got it working, a simple 'it worked for me' would suffice

 

You are not a moderator of these forums, so please don't try and tell me how to use them.

 

- not telling everybody how stupid they are and insulting them.

 

I did no such thing.

 

I'm glad you did the upgrade and it worked for you - seriously

 

Thanks

Edited July 26, 2013 by Chris74

[openmind]

The thing I don't get is why people don't do a diff on their files against new ones?

 

Every upgrade that comes out be it a point upgrade or a security patch I use WinMerge on to move the changes over. Obviously on the encoded stuff it makes no difference and these get copied straight over but everything else is checked file by file.

 

In addition, it goes noweher near my production install without first testing on my local dev machine. Seeing as full license holders don't have to pay for a dev license and it takes 5 minutes to setup a simple LAMP install there isn't a reason not to test locally. Sure there is some stuff you cannot fully test but the critical issues you can.

[123server]

I just want to take a moment and comment on these remarks, both the one above and the general comments about releases being problematic recently.

 

Firstly no one is taking a "back seat". Everyone at WHMCS is dedicated and is working diligently to not only ensure the long-term viability of the company, product, and services of WHMCS, but the overall customer experience with WHMCS, and that includes myself.

 

But with that said, no release can ever be completely bug free. And when you must maintain, release, publish and support multiple versions, the potential for imperfect releases inevitably increases.

 

We as a company have made a lot of big strides forward over the past several months to address this reality. I do not wish to go on the defensive, however from my perspective I find it curious that people are labelling the latest round of releases "bad". The releases that were made on Wednesday morning were Targeted Security Releases which contained some very important and low-level changes within the product: these changes affected many parts of the product, and the permutation complexity was therefore extremely high. But the number of technical issues that have been reported from these changes are far less than previous releases that contained a similar, or even lesser, impact level. So given that perspective, I'd have to say that we're moving in the right direction: we are able to deliver more sophisticated change, in a shorter time frame, with less impact to customers than before.

 

In addition, as some of you will have noticed, build numbers are another thing we have introduced to address the concerns some people have had in the past regarding changing of updates once released, something which does not and will not happen again, and the first public release of 5.2.6 was build 3, as builds 1 and 2 both went through our internal QA process, during which issues were discovered and fixed prior to the release ever making it out the door.

 

Hopefully I will have an opportunity in the near future to blog or discuss in detail the changes that we've implemented at WHMCS over the last several months and how everyone benefits from them. However, now is not the time for that. Our Support team is receiving many tickets and doing a great job of analyzing and creating internal cases. From there the Developers, QA, and I can easily identify regressions or pre-existing issues and prepared fixes appropriately.

 

So while yesterday's releases weren't perfect, and we have room for improvement, we are making improvements and we plan to make many more: continually making internal process, as well as physical code changes, that improve the functionality, reliability and safety of WHMCS.

 

Regards,

 

Matt

 

Thank you Matt, it's great to know you're still around and things are being done. We still love your product!

[easyhosting]

Aww, isn't that sweet - have you met easyhosting? If not, you should. Both of the same ilk.

 

 

What a unwarranted and childish remark, because some of us know how to upgrade and not have any issues/bugs

[ckh]

I'm entitled to my opinion, just like you. You have expressed that you would have preferred a "patch" - yet WHMCS have explained their reasons for making this a full version and you continue to make a fuss about it.

 

You should never have to "scour the files" to see what has been changed, unless you have not made any record of the files you have modified / replaced - or if you have decrypted and modified the core files, which would break your licence anyway. Why would it take you hours?

 

If you backup your files and the upgrade doesn't work - it takes only a few seconds to put it back the way it was. There are no DB changes. This is a very low risk procedure.

 

As I said, I'm entitled to my opinion in the same way as you. I've read the comments in this thread and my opinion is that many people (not all) who've made negative comments are just making a big fuss and panicking for no real reason. This is a discussion forum. I'm entitled to disagree with your "feedback".

 

I truly believe that WHMCS have got to change the way they work and communicate and they are clearly a company that is going through a period of disruption and change - but it takes time to move those changes forward. Not long ago there were issues with support ticket replies taking several days - but they've taken on new staff and I'm pleased to say the response times have improved. This shows that they are making efforts to improve in that area and in other areas.

 

I was royally pissed off when they released the recent Nominet changes at the last minute and failed to communicate properly about it. I gave my feedback then, as I do now.

 

In this case, I don't think that your criticism is valid. They released an urgent, critical security update that required a replacement of all core files. Personally - I just got on with it and updated our installation and it went without incident.

 

Thanks to WHMCS for working quickly to fix the security issues.

 

I've been doing updates since 2007. I have three whmcs sites so I know how to do updates, thank you. They could have easily left out some directories that they didn't update. I got enough things to do than having to make my own patch. That's what I pay whmcs to do.

 

Updating a patch would have saved me a lot of time. It would have saved me more time if whmcs had patched the files that had the bugs in them instead of doing a full install, esp without backup the files up. These weren't bugs I introduced but bugs in the script which was confirmed in the ticket.

 

If they had time to create patches for the older outdated installations, they should have made the attempt to make a patch for the latest. I don't believe it was an issue to get it out as quick as possible as I believe they said they put it through rigorous testing first. I believe it was a bad decision on their point to not take a little extra time and and make a patch. I say a little extra time as I have the ioncube encoder also, know how it works, and it wouldn't have taken much effort at all run the encoder a second time excluding unnecessary files, probably 15 minutes at the most. That extra 15 minutes would have made a lot of folks happy.

 

I think whmcs is a great product and will continue to use it, I'm just extremely disappointed in the way this last update was done.

[Infopro]

Hi Si!

Aww, isn't that sweet - have you met easyhosting? If not, you should. Both of the same ilk.

 

A total misunderstanding of the situation Chris74 - and if that's how you think you go about winning friends and influencing people who are your peers on this community - you probably shouldn't be in the hosting business either. It's not that simple.

 

IF you got it working, a simple 'it worked for me' would suffice - not telling everybody how stupid they are and insulting them. I'm glad you did the upgrade and it worked for you - seriously

 

These sorts of comments should be avoided going forward sir.

 

 

Thanks.

[Si]

Hi Si!

 

These sorts of comments should be avoided going forward sir.

 

Thanks.

ok - you're the boss

[easyhosting]

It would have saved me more time if whmcs had patched the files that had the bugs in them instead of doing a full install, esp without backup the files up.

 

why would WHMCS want to backup your files. The installation/upgrade instructions clearly states as point 1

 

1. Begin by taking a full backup of your WHMCS system - both files and database using a tool such as phpMyAdmin
   

[ckh]

why would WHMCS want to backup your files. The installation/upgrade instructions clearly states as point 1

 

Yes, you are correct, that is what it says. I opened up a support ticket for a couple reasons, a very minor reason was that it was saying I was running 5.3.0 and an update was available to 5.2.6.

 

The main reason was that displaying tickets got all messed up. The filter button wasn't working correctly. The following day after the ticket was created, they went in and just did a complete install instead of fixing the affected issues.

 

When I did the update, I backed everything up. When they did the update the following day, they didn't.

 

There's things that I do to the updates before I update it. Like, I only use on domain registrar so I only upload the module for the one I use that way I only have the ones I use there. Same with payment processors. I modify some templates, so I'm careful about overwriting them.

 

So, you really can't tell when they will go in to fix a problem so you can do a current backup, esp when an upgrade just comes out. They really should follow their own instructions and do a backup before doing a full install.

 

When they were done I had to go in and undo some of the unnecessary file uploading.

[easyhosting]

Yes, you are correct, that is what it says. I opened up a support ticket for a couple reasons, a very minor reason was that it was saying I was running 5.3.0 and an update was available to 5.2.6.

 

The main reason was that displaying tickets got all messed up. The filter button wasn't working correctly. The following day after the ticket was created, they went in and just did a complete install instead of fixing the affected issues.

 

 

strange it showed 5.3.0, After i tested the upgrade in dev install without any errors/bugs. I decided to upgrade my production, but as i have custom template and also custom work in lang file i upgraded everything apart from the lang and templates folder and have had no ticket or any other issues with 5.2.6. So either i was lucky or issues that others are having is from within lang and/or templates folder.

[Infopro]

Yes, you are correct, that is what it says. I opened up a support ticket for a couple reasons, a very minor reason was that it was saying I was running 5.3.0 and an update was available to 5.2.6.

 

The main reason was that displaying tickets got all messed up. The filter button wasn't working correctly. The following day after the ticket was created, they went in and just did a complete install instead of fixing the affected issues.

 

When I did the update, I backed everything up. When they did the update the following day, they didn't.

 

Replacing all files was the suggested course of action. Why backup your freshly updated possibly broken files?

 

There's things that I do to the updates before I update it. Like, I only use on domain registrar so I only upload the module for the one I use that way I only have the ones I use there. Same with payment processors.

 

WHMCS Technical Support uploaded too many files to your server then, is that it?

 

I modify some templates, so I'm careful about overwriting them.

 

Sounds like you modify the default templates instead of having your own custom style that doesn't get touched on updating all WHMCS files to me. IMHO, the default Template should be left alone for falling back to, when needed, like during an update.

 

So, you really can't tell when they will go in to fix a problem so you can do a current backup, esp when an upgrade just comes out. They really should follow their own instructions and do a backup before doing a full install.

 

If you had a fresh backup, just updated your WHMCS, then ran into troubles and put in a ticket asking for help, they came and did exactly what you asked them to do. Try and fix it.

 

When they were done I had to go in and undo some of the unnecessary file uploading.

 

You had to remove the extra files the WHMCS Technical Support uploaded to the server. I'm sorry, I don't mean for this to sound negative, but that doesn't sound too awful painful to me. Certainly not as painful as having a broken WHMCS because I edited the default template and didn't have a fall back plan for when it broke.

[WHMCS Chris]

Howdy!

 

You asked for a patch release, and you got it! http://blog.whmcs.com/?t=76327